The spec is at
Whatever we are doing, underscore is allowed by the spec. DNS is irrelevant here
because hostnames are not limited to DNS names.
It is reasonable for us to limit Host to be the set of allowed virtual hosts we are
willing to match, so we can certainly exclude the weird delimiters, but we
don't want to prevent access to hosts we allow to be configured.
BTW, note that the second link above is to the current editors' draft of HTTP,
which is being revised now. If anyone wants to reduce the grammar here or
elsewhere, now is the time to make it an issue at